SynAttack Ransomware Now Using Process Doppelgänging

By Mel Khamlichi (http://www.osradar.com), founder of Osradar, from Amsterdam, Netherlands

Ransomware is one of the most heinous kinds of software floating around the cyber world. It attacks a computer, encrypts its files and demands a ransom in exchange for decrypting them. SynAttack is one such ransomware. Recently, an improved edition of this ransomware was spotted online that uses a better method for getting into systems.

According to security researchers, this ransomware is now using the “process doppelgänging” technique. This is essentially a code injection method: it abuses a Windows NTFS mechanism to create and hide malicious processes on the system. In this way the ransomware also hides from antivirus software and effectively takes over the system.

SynAttack ransomware comes back

The SynAttack ransomware strain was a nightmare during August and September 2017, infecting systems all over the world. Back then, this malware was a simpler threat compared to present-day threats.

That’s because the malware was still under development. A recent Kaspersky report tells us that the brand new variant is well developed. It now uses a top-class encryption routine, evades detection with process doppelgänging and, above all, its core is tightly protected against reverse engineering.

The spreading method is still not clear. Back when SynAttack emerged and caused a ruckus, the strain used badly secured or open RDP connections. There has been no major fix for the RDP scheme since, as no major malware has used this path. It’s safe to assume that the crooks are using the same method to get into systems with the latest SynAttack variant.

Here are the messages you’ll get once SynAttack gets you. The best way to stay protected is to secure your remote desktop connection with a strong password and use better encryption settings. Moreover, make sure the remote desktop service is turned off properly so that it is unavailable on your system, at least temporarily.
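The RDP advice above, turned into something you can run: an added example (not code from the article or from Kaspersky) that audits whether Remote Desktop is reachable and how it is secured, and with the script's own -Harden switch applies the settings the article recommends, including turning RDP off. It assumes an elevated PowerShell session on Windows 8/Server 2012 or later; the registry values and cmdlets are the standard Windows ones.

```powershell
# Added example, not part of the original article.
# Audit RDP exposure on this host; -Harden (this script's own switch) tightens it.
param([switch]$Harden)

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# fDenyTSConnections = 1 means remote desktop connections are refused.
$deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
# UserAuthentication = 1 requires Network Level Authentication before a session exists.
$nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
# SecurityLayer: 0 = legacy RDP security, 1 = negotiate, 2 = TLS required.
$sec  = (Get-ItemProperty -Path $tcp -Name SecurityLayer).SecurityLayer
# MinEncryptionLevel: 1 = Low, 2 = Client Compatible, 3 = High, 4 = FIPS.
$enc  = (Get-ItemProperty -Path $tcp -Name MinEncryptionLevel).MinEncryptionLevel
# Enabled inbound rules in the built-in "Remote Desktop" firewall group.
$fw   = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
        Where-Object Enabled -eq 'True'

$findings = @()
if ($deny -ne 1) { $findings += 'RDP connections are allowed' }
if ($nla  -ne 1) { $findings += 'NLA not required (UserAuthentication != 1)' }
if ($sec  -lt 2) { $findings += "SecurityLayer=$sec (TLS not required)" }
if ($enc  -lt 3) { $findings += "MinEncryptionLevel=$enc (below High)" }
if ($fw)         { $findings += "$(@($fw).Count) inbound Remote Desktop firewall rule(s) enabled" }

if ($findings.Count -eq 0) { 'RDP is disabled or hardened on this host.' }
else { $findings | ForEach-Object { "FINDING: $_" } }

if ($Harden) {
    # Require NLA and TLS, raise the encryption floor, then refuse RDP entirely
    # and close the firewall group, as the article recommends while RDP is not needed.
    Set-ItemProperty -Path $tcp -Name UserAuthentication  -Value 1
    Set-ItemProperty -Path $tcp -Name SecurityLayer       -Value 2
    Set-ItemProperty -Path $tcp -Name MinEncryptionLevel  -Value 3
    Set-ItemProperty -Path $ts  -Name fDenyTSConnections  -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    'RDP disabled and hardened; re-enable it deliberately when it is needed again.'
}
```

Run it without arguments first to see the findings; re-enabling later means setting fDenyTSConnections back to 0 and enabling the firewall group again.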

Presently, robots are also under threat from ransomware. Learn about robot ransomware, the future threat.
